NDES and Intune Best Practices | Get Better At Articulating What PKIs Do

Throughout the pandemic, we are seeing an increasing number of requests and questions from customers about the nuances of setting up Microsoft Intune and Microsoft NDES (Microsoft’s implementation of SCEP). We have also seen that customers get in trouble regarding certificates and the hybrid architecture of on-prem NDES and cloud-based Intune.

At PKI Solutions we follow the golden rule:

A poorly designed, executed or managed PKI can introduce more security issues than it solves

This is even more apt when it comes to NDES and InTune. The misconfiguration of NDES certs can allow a malicious actor to pretend to be a CEO or a Domain Administrator. And have full access to your sensitive data.

The challenge is compounded by a lack of best practices, poor documentation around NDES, and overall Intune integration.

This is such a popular topic that we are releasing a series of blog posts to address this. Our posts will cover:

• Architecture and the components that makeup NDES and Intune. Yes, we will be covering the popular Intune connector.
• Best practices.
• Pitfalls to avoid.

But before we get into the technical, we also see a pattern of:

Stretched thin PKI Engineers and their managers cannot consistently articulate the business case of spending time and money on NDES/PKIs

As a result, the critical Infrastructure of PKIs doesn’t get the attention required.

This is why we are going to start with the Objective that NDES with InTune enables for the business:

Improve employee productivity through enhanced mobile device experiences while protecting company data and respecting employee privacy.

Let’s run through some business-level scenarios:

Re-imagining retail or banking with modern mobile customer and employee experiences

Think about the banking experience of the future: a Cool Café like environment where we as consumers would like to spend more time exploring services that the bank has to offer than feel like we are in the waiting room of a hospital.

Anytime, anywhere access from the device of choice to get things done

A production manager on the factory floor wants to increase productivity by making application access easy and efficient. Maintaining the flow, instead of disrupting it, will help them meet production goals and customer demand.

Employee satisfaction and trust

For an employee, having an added employer-supplied mobile device can be cumbersome. On the other hand, the Bring Your Own Device (BYOD) policy can be attractive for employees but raises security risks for the company. Companies want to protect their data and ensure secure access to the company systems. Also, employees are wary of companies violating their privacy and extending control to their private lives.

This is where a Mobile Device Management solution that uses Public Key Infrastructure helps. It addresses the

• Need for frictionless customer experiences, and
• Security requirements, and
• Assurances of privacy

Now that we have the Business Objectives and the background out of the way, our next blog will cover:

Architectural components that make up the MS Intune and NDES environment